National Association of College and University Attorneys 1 November 11, 2009 NACUA Fall 2009 Workshop November 2009
IMPORTANCE OF COMPLIANCE STRATEGY AND STRUCTURE Risk Identification and Minimization External Expectations and Incentives Reputation Operational Efficiency and Quality Control National Association of College and University Attorneys 2 November 2009
ENTERPRISE RISK MANAGEMENT “Structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.” (Institute of Internal Auditors) National Association of College and University Attorneys 3November 2009
IN OTHER WORDS... “ What could happen that might prevent the institution from achieving its plans, and what is being done to eliminate, reduce, or mitigate the risk?” National Association of College and University Attorneys 4November 2009
National Association of College and University Attorneys 5 November 2009
COMPLIANCE STANDARDS Multiple sources for standards External legal, auditor, or accreditation mandates (e.g., IRS, SOX, SACs, AGs, Rating Agencies) Professional association, auditor, insurer, or other external “best practices” standards Internal policies and procedures National Association of College and University Attorneys 6November 2009
FEDERAL SENTENCING GUIDELINES National Association of College and University Attorneys 7 Effective compliance program may result in substantial mitigation of assessed fines and penalties if criminal liability attaches to the organization One key benchmark for measuring institutional compliance programs November 2009
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS (Federal Sentencing Guidelines) (1) Standards and procedures in place to prevent and deter violations of law (or policy) (2) Overall responsibility assigned to personnel with adequate resources and appropriate authority National Association of College and University Attorneys 8November 2009
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS (3) Personnel with substantial authority are chosen with due diligence and are of high integrity (4) Effective training programs and dissemination of information National Association of College and University Attorneys 9November 2009
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS (5) Monitoring / Reporting mechanism / Effective follow up (6) Consistent enforcement of standards through incentive and discipline (7) Appropriate response to violations of law National Association of College and University Attorneys 10November 2009
HIGHER ED. COMPLIANCE MODELS Centralized Coordination Model (e.g. U.Minn., U. Texas) Single university-wide Compliance Officer Leaders and administrators of various units within the university are liaisons with CO Used at many large research institutions with multiple campuses and schools National Association of College and University Attorneys 11November 2009
HIGHER ED. COMPLIANCE MODELS (cont’d) Other Centralized Models (e.g., Princeton, DePaul) Institutional Compliance Director (sometimes existing audit official) PLUS Executive Compliance Committee National Association of College and University Attorneys 12November 2009
HIGHER ED. COMPLIANCE MODELS (cont’d) Decentralized Model (e.g. Harvard) Compliance Officers at the school level Horizontal relationship of school COs with central audit/compliance personnel National Association of College and University Attorneys 13November 2009
HIGHER ED. COMPLIANCE MODELS (cont’d) “Stealth” Model (e.g. Baylor) Decentralized, without designated Compliance Officer(s) Compliance responsibilities assigned to various deans, directors, committees, etc. Stronger oversight role in OGC, Audit, etc. National Association of College and University Attorneys 14November 2009
FORMER W&L COMPLIANCE STRUCTURE Compliance efforts, processes, and reporting ongoing, but without formalized structure and coordination. Mixed approaches in place; primarily “stealth” with OGC taking the lead National Association of College and University Attorneys 15November 2009
FORMER W&L COMPLIANCE STRUCTURE Some designated officers or committees (e.g. Director of Environmental Health and Safety, Information Security Program, Institutional Review Board) Some project-based committees (e.g. Information Technology Security Working Group, Employee and Faculty Handbook Review Groups) National Association of College and University Attorneys 16November 2009
COMPLIANCE STRUCTURE Considerations: Decentralized culture and institutional history Active and highly valued tradition of “shared governance” vs. “directives” from those not familiar with operational reality Avoid creation of new bureaucracy and/or redundancy of efforts Address all risk areas with highest risks first priority National Association of College and University Attorneys 17November 2009
MATRIX COMPLIANCE PROGRAM Modeled primarily on Stanford’s program Decentralized matrix of University offices and administrators assigned responsibility for specific compliance areas, coordinated and supported by Office of General Counsel (Associate General Counsel for Compliance Support) with OGC as resource for all operational areas National Association of College and University Attorneys 18November 2009
MATRIX COMPLIANCE PROGRAM Components: Compliance areas (clusters of laws, high risks, etc.) (e.g. Student Financial Aid) Cognizant Policy Office/Officer (member of President’s Council with overall responsibility) (e.g. Dean of Admissions and Financial Aid) Functionally Responsible Office(s) and Officer(s) (e.g. Financial Aid Director) National Association of College and University Attorneys 19November 2009
MATRIX COMPLIANCE PROGRAM Associate General Counsel for Compliance Support (AGC) is coordinator for functionally responsible officers, who serve as Compliance Partners Matrix Program provides institutional coordination and record of compliance efforts National Association of College and University Attorneys 20November 2009
MATRIX COMPLIANCE PROGRAM OGC advises President and President’s Council on a periodic basis (at least quarterly) of compliance programming updates and reports to Audit Subcommittee at each Board meeting and otherwise as necessary National Association of College and University Attorneys 21November 2009
National Association of College and University Attorneys 22 November 2009
W&L COMPLIANCE RESOURCES W&L’s Compliance Matrix ( W&L’s Compliance Calendars ( ComplianceCalendars.html) ComplianceCalendars.html W&L’s Compliance Worksheet Template ( pdf) pdf National Association of College and University Attorneys 23November 2009
COMPLIANCE WORKSHEET Date of Compliance Review Compliance Area Cognizant Policy Officer Compliance Partner(s) Source of Compliance Obligations Responsible Agency or Enforcement Body Enforcement and Risk Exposure/Sanctions Key Compliance Obligations National Association of College and University Attorneys 24November 2009
COMPLIANCE WORKSHEET (cont’d) Policies, Procedures, Practices, Training, Reporting, etc. in Place as Required Gaps or Issues to be Addressed/Followed Other Campus Offices Affected/Coordination Needed Resources (compliance calendar, templates, etc.) Date for Follow Up to Address Gaps or Issues Date of Next Regular Review National Association of College and University Attorneys 25November 2009
OTHER PROGRAM RESOURCES University of Texas ( University of Minnesota ( Princeton University ( DePaul University ( Stanford University ( National Association of College and University Attorneys 26November 2009